From: 'Leander Jehl' via tlaplus
Date: Thu, 12 Nov 2020 00:05:34 -0800 (PST)

I have a specification with constant Blocks and a function prev \in [Blocks -> Blocks] that defines a tree.

I would like to define an ancestor relation on that tree and prove statements like reflexivity and transitivity.

If I try to prove NatInductiveDefConclusion, it triggers a bug in TLAPS.

I would be grateful for any tips on how to define the ancestor relation, or how to avoid the bug.

Here is my current definition of the ancestor relation:

Extend(A) == A \cup { <<b,c>> \in Blocks \X Blocks: <<b,prev[c]>> \in A }

A0 == { <<b,c>> \in Blocks \X Blocks: b=c }

ancestors[i \in Nat] == IF i=0 THEN A0

ELSE Extend(ancestors[i-1])

Ancestor(b,c) == /\ height[b] <= height[c]

/\ height[c] - height[b] \in Nat

/\ <<b,c>> \in ancestors[height[c] - height[b]]

My complete tree specification can be found here:

https://github.com/leandernikolaus/hotstuff-ivy/blob/master/Tree.tla

Thanks,

Leander

